Thursday, February 02, 2017

My testimony on the Security of Canada Information Sharing Act

Earlier this week, I was invited to testify before the House of Commons Standing Committee on Access to Information, Privacy and Ethics as part of their study of the Security of Canada Information Sharing Act (here's the notice of meeting: House of Commons Committees - ETHI (42-1) - Notice of Meeting - Number 042 (Official Version)).

The Act is one of the more problematic portions of the Anti-terrorism Act of 2015, which was passed by the previous government. The new government has said they'd fix it, but it it unclear what they would fix.

I was pleased to testify alongside Laura Tribe of OpenMedia and David Elder, who spoke on behalf of the Canadian Bar Association Privacy and Access Law Section.

The audio of the full session is here, and below is my opening statement:

Thank you to the committee and to the chair for the opportunity to speak with you today about this very important subject.

If I may introduce myself: I am a privacy lawyer practicing with McInnes Cooper in Halifax. I’ve been practicing law in this area for more than fifteen years and I have had the benefit of advising clients on a full range of privacy, access to information and technology issues for that time. I work with clients who regularly have contact with the police and with national security authorities looking for information, both through regular lawful channels and -- shall we say -- informal channels.

I am here in my personal capacity, so I am not speaking for any of my clients, any associations that I am a member of nor on behalf of my firm.

This committee has a very important opportunity and I think we are at a turning point in global history. We have the chance, right now, to take a deep breath, take a step back and ask some very important questions. Who are we as Canadians and what do we want to be? What kind of country do we want to live in and are we taking positive steps to make it happen?

Looking south of the border, I am very mindful of a phrase I first heard said by William Binnie after he left the National Security Agency. He was afraid that what he was being asked to create within that organization was “turnkey totalitarianism”. If you build an intrusive tool for the most benevolent institution, you can have faith in the people you build it for but you can’t be sure that it will not fall into the wrong hands. Setting aside the cynicism I have developed over the last dozen years, even if you absolutely believe what the leaders of our national security and policing agencies say to you, you can’t be sure that their replacements will have the same good faith and concern about the rights of citizens. You can’t be sure about the good faith and commitment to Canadian values of the next prime minister. The new US administration has at its disposal the most significant surveillance apparatus ever assembled, and it’s being built with Canadian collaboration. This committee needs to look at the “here and now”, but also has to be looking over the horizon for what may come next. The Anti-Terrorism Act of 2001 and the Anti-Terrorism Act of 2015 are the foundation that massive abuse of Canadians’ rights may be built on.

We also need to look at whether any of this is really necessary or proportional. Look at what we have here and what is going on. On one hand, we’ve seen that CSIS, with the assistance of the Department of Justice lawyers, has lied to courts in order to feed CSIS’ databases.

And we’ve also seen that CSIS has refused to delete the information they unlawfully retain.

And we’ve most recently seen that CSIS has been working to try to justify their data mining practices and has been looking for more data to put into that data base.

And, on the other hand, we have the Security of Canada Information Sharing Act, which is a privacy disaster. The privacy of Canadians was previously protected by information silos. You knew that information about your Canada Pension Plan or EI claims would not be used for another purpose unless the (relatively weak) hurdles built into the Privacy Act were complied with or unless a judge determined it was appropriate in those circumstances. Now we have a system where CSIS can ask any government department for virtually any data (as long as they think it is relevant), can get it and it’s no longer covered by the same protection of the originating institution.

They may think “people who visit bad guys are probably bad guys, so let’s get all the visitor logs from Corrections Canada”. Then “let’s match that up against Canada Border Services records of people leaving and returning to Canada.” And why not “all the records of people receiving EI?” And then everyone’s tax returns to see who has donated to muslim charities? This law would allow CSIS or the RCMP to collect, in one massive database, all the information that every other government department has about you.

SCISA does not contain any limit on what organizations like CSIS or the RCMP can do once they build these databases.

There is NO limit on how much information can be transferred between any government department and any of those institutions listed in the schedule to the Act. And all of this happens in the shadows. As parliamentarians, all you get to know are the evasive non-answers given to you. There is no oversight and no accountability. This is essentially a blank cheque giving national security agencies access some of the most sensitive information about Canadians. This is a real problem and the Act should be repealed.

I would also highlight that the presence of s. 9 should raise a red flag: “9 No civil proceedings lie against any person for their disclosure in good faith of information under this Act.” If a statute has to provide immunity for otherwise unlawful conduct, we should be very careful about authorizing that conduct and should be very careful about granting that immunity.

I look forward to your questions.

No comments: